Vulnerabilities > CVE-2006-6366 - Cross-Site Scripting vulnerability in Cerberus Helpdesk Spellwin.PHP

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
cerberus
exploit available

Summary

Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Exploit-Db

descriptionCerberus Helpdesk 2.x Spellwin.PHP Cross-Site Scripting Vulnerability. CVE-2006-6366. Webapps exploit for php platform
idEDB-ID:29222
last seen2016-02-03
modified2006-12-04
published2006-12-04
reporterEn Douli
sourcehttps://www.exploit-db.com/download/29222/
titleCerberus Helpdesk 2.x Spellwin.PHP Cross-Site Scripting Vulnerability